The idea behind .options() is that it's an abstract interface, that provides a sensible set of options for TLS connections.

OpenSSLCertificateOptions, by contrast, is a pile of OpenSSL-specific implementation stuff in support of that interface. In particular it takes X509 instances rather than Certificate or PrivateCertificate instances to its constructor.

Now, obviously, the interface is not complete, but as we expand it, please don't add every single option, expressed in the bizarre, demented style that OpenSSL requires, requiring application code to import constants and classes from OpenSSL themselves. It's supposed to be an abstraction layer.